Processing of sensitive data

A.Y. 2016/2017
Overall hours
Learning objectives
The main objective of the course is to provide basic legal instruments to the expert of information technology security who will need, in relation to the performance of his profession, to treat sensitive data. The course will focus on the processing of sensitive data in its wider variations. During the lectures, students will be made available of lecture notes bearing the main applicable regulations, draft of agreements releted to critical services and corporate policies regarding the use of IT tools.
The course will be held only on Friday to allow the presence also working students.
It's recommended to attend the course's lesson in order to pass the final exam.
Expected learning outcomes
At the end of the course students will have a knowledge of the main regulations in terms of confidentiality and privacy, in an Italian and European context. Students will also acquire basics on the rights of the new technologies, which will be useful in their professional careers.
The setting of the course is highly practical and vocational.
Course syllabus and organization

Single session

Lesson period
First semester
Course syllabus
Module 1 - The processing of sensitive data.
The legislation.
The Data Protection Code. The sensitive data. The planned guarantees for the processing of sensitive data.
The right of information security.
The jurisprudence.
The Law related to sensitive data processing. Localization and processing of sensitive data.
Video surveillance. The profiling of sensitive data: limitations and rights. System administrators.
The cookie law.

Module 2 - Practical introduction to new technologies law
Introduction to the provider's responsibility.
Introduction to civil and contracts law. Typical and atypical contracts. Essential elements.
Introduction to copyright.
Introduction to labour law. The types of contract.
Introduction to innovative startups. The tax considerations. The creation of a startup.

Module 3 -Procedures of sensitive data collection in relation to enterprises.
Corporate policies.
Internet and email at work.
The use of social networks in the workplace.
The protection of confidential information.
Policy related to the tasks of system administrators.
Policy of management of data related to trade secrets.
Social Media Policy.
The contracts.
The information subject to contracts for critical services that involve the processing of sensitive data.
The software development contracts.
The contracts for the delivery of cloud services.

Module 4 - Information warefare, reputation, Social Media Security, OSINT & Big date.
Brand protection.
The concept of brand protection.
The right to personal identity and the right to oblivion.
OSINT & Big Data.
Information warefar.
Introduction to Legal Informatics Military.
The processing of sensitive data for national security purposes.
Cyberwar, Cyberweapon, rules of engagement in cyberspace.
The reputational brand systems and information control.
IUS/01 - PRIVATE LAW - University credits: 6
Lessons: 48 hours
Professor: Bonavita Simone
Educational website(s)
To be agreed